Personal data stored in the browser

Your preferences are stored using the LocalStorage API. This includes
data such as sort order and sort-by field. No sensitive information is
stored here except possibly the names of files or directories which may
have preferences. (E.g., if you set the sort order on a directory, it
will be stored under that directory's name). (As of v3.4.5)

Potentially sensitive file contents are stored temporarily in the browser
using the SessionStorage API. This is used to hold data in case the
app gets disconnected from the internet. This data is maintained between
reloads, but is cleared when you close the browser window. (As of
v3.4.8)

Referrer

The referrer URL (the URL of the site that you came from) is recorded
temporarily in your browser when you first arrive to this site. It is
automatically entered into the credit card payment form, but you may opt
to remove it if you don't want to submit it to me.

If submitted, the referrer URL will be recorded anonymously (not linked
to your user ID).

Referrer is not recorded in my records if Do-Not-Track is enabled in your browser.

Logging

Our hosting platform logs these items:

Your IP address. I do not use this.

The names of directories and files you open in TextDrop. I do not use
this; Added 8/27: however, you should be aware that if you have a
file conflict, Dropbox will add your name to the filename. E.g.,
"readme.txt (John Doe's conflicted copy)" might show up in my web server
logs.

User agent (web browser and OS information). I may use this in the
future.

Credit card info

Your credit card information is not seen or stored by us, it is handled
out-of-band by a third-party payment provider (Stripe).

Directory and file contents

We have access to, but do not store in our servers:

Your Dropbox email address (to send you receipts)

Directories and files you open in TextDrop (to show them in the application)

Once you grant TextDrop access to your Dropbox,
it theoretically has access to all your
files when you are logged in,
but on my honor I will never, ever,
ever read them, store them, or use them in any way
except to deliver them into your active TextDrop session.

Credentials and security tokens

Added 8/27/2012:
If you use the password login feature, we will store your hashed
password in our database as well as your Dropbox OAuth token.

We do not store your OAuth token secret. However, the OAuth token
secret is encoded, but not encrypted, in your password login URL.

Legal stuff

WAIVER OF LIABILITY - We cannot be held liable if someone breaks into our server and steals your data, or if our service corrupts your data. If you do lose data, you can log into Dropbox and revert to an older version of your
file.

We cannot be held liable for emotional, monetary or bodily damages incurred due to the usage of this application or lack of application uptime.